GRC is a discipline that aims to synchronize information and activity across governance, risk management and compliance in order to create efficiency, enable more effective information sharing and reporting and avoid wasteful overlaps. However, there are two very common challenges that every organization faces when using the very technical GRC system. For one, GRC reports are typically difficult to customize and require additional resources to identify the right information and then get in into the right hands. Secondly, most organizations experience a disconnect between the business and technical aspects of the solution, meaning business teams and IT don’t communicate and collaborate as effectively as needed to connect the dots and optimize the solution’s powerful capabilities.

itelligence has developed the unique SAP GRC Technical Architecture below to help you visualize and better understand how the overall structure works together. You can see in this diagram (Picture 1) that the rules (representing everyday usage) are stored in the ruleset, and are generated by risk. The risk is comprised by functions, which is the entity that identifies what a risk is. This detailed yet simple architecture connects the dots between the business and technical aspect of GRC, which is hard to come by.

Author:
Rahul Urs

Rahul Urs is a solution architect at itelligence who specializes in SAP security, SAP HANA, GRC solutions and BW/BOE. He leads a wide variety of projects, focusing on streamlining SAP GRC, SAP HANA, and SAP security to support compliance and new technology initiatives. Rahul is an SAP subject matter expert and published author with articles that have appeared in SAPInsider magazine and SAPExperts website.